I might have chosen that too but I don't think that was a choice we ever had. That just how the LEDs are wired.
Blue for 2.5G would have been nice. 😉

Steve

It's also worth noting that that these numbers reset after each restart.

final update - I've tested with both DACs (works fine) and officially supported Intel 850 optics - also works well. I'm currently using the Intel optics since they are supported.

@steveits

Thank you both for your insight.

I will attempt the power-off method first, but I won't be able to do that unless I'm on-site this upcoming weekend.

I will report back with updates if it doesn't work out.

Unfortunately there was significantly more work required that that. We have had several developers working on it over the years bu each came to the conclusion that the work required to make it function usefully was more than the resulting improvement was worth.
Eventually we had to cease the development effort there.

Steve

It does depend where in the process it's rebooting.
If it's an older device that's been on a shelf somewhere and is just now being deployed then it may well be hitting a UFS filesystem issue and that check will resolve it.
However you might consider reinstalling as ZFS anyway since it's more convenient to do that now before it's been deployed.

Steve

No that's very much not typical for Netgate support. Do you have a ticket or RMA number so I can look into it?

Steve

@steveits said in Firewall Maximum Table Entries:

@cloudified Yes that's a bug, it's been there a while.
https://redmine.pfsense.org/issues/11566

Thanks, Steve.

@johnpoz said in SG-3100 switch weird behavior (resolved):

once you put it up, I will give it a go via a VM maybe. I don't as of yet have a pi4 to play with.. Been looking for an excuse to get one hehe.. But they have been hard to find as well, I would prob go with the 8GB ram model as well.

Done, english is not my first language so I hope its okay.

https://forum.netgate.com/topic/175394/graylog-server-on-a-raspberry-pi

I did it :
I changed

# Device Mountpoint FStype Options Dump Pass# /dev/msdosfs/EFISYS /boot/efi msdosfs rw,noatime,noauto 0 0 /dev/gptid/6a2f135c-af59-11ec-b93b-90ec7729392c none swap sw 0 0

for

# Device Mountpoint FStype Options Dump Pass# /dev/msdosfs/EFISYS /boot/efi msdosfs rw,noatime,noauto 0 0 /dev/nvd0p3 none swap sw 0 0

and suddenly, after reboot, I have a swap partition :

0bfa1530-daf3-4c61-9a0b-ad6a3116d6f8-image.png

@eria211 said in High load Netgate 6100:

@steveits I am absolutely stunned, as soon as I edited the file and reloaded pfblocker the CPU dropped to 33% and the load average has gone from 5.2 down to 2.45

Thank you for your help - I will make this change on the other 6100's 👍

This will also fix the IP blocking stats and reporting as well. I finally made this same change to my 6100 yesterday.

If you need that to resolve to a private IP you would still need to add that. Or you could disable DNS rebinding protection globally but adding that one domain is preferable.

Steve

Open a ticket. MCA errors like that are usually hardware related.

Steve

Were you able to resolve this?

Steve

The 1541 has an PCIe 3.0 x16 slot that has 4 lanes available (x4). Theoretically you can use either of those cards since PCIe will simply use the available lanes. The total throughput to the card would be reduced but that's unlikely to be a limiting factor in pfSense.

Steve

@ahxcjay said in Throughput problems on 4100:

@keyser said in Throughput problems on 4100:

We alle want to help, but it’s not very motivating when posts like yours just flame the product

Fair point, and I apologise. I was just so frustrated that I really really like the produt, yet the upload speeds were killing my enjoyment of it. I asked the mods to change $subject to something more appropriate.

The problem is that google searches from people also finds this post, and some people only read headlines….

Understand, and that was in my thinking also, hence the request to change the $subject.

This post on the other hand, just earns the full respect of all of us🙏

We can all make mistakes, especially when frustrated - but it takes a real man to own up to it, acknowledge a mistake was made and apologise.
If only all people showed this kind of respect instead of fleeing the “crime scene”, the Internet would be SO much a better place.

Thank you for responding and kudos to you👍

@rico said in A Very Happy Customer...:

Wow, nice rack! 👍

-Rico

Not bad for a home network. :)

Board manual shows:

Up to 128GB of DDR4 ECC RDIMM or 64GB of DDR4 ECC/Non-ECC UDIMM with speeds up to
2133MHz.

Which seems unclear. It has to match what's already in the though which should be 8 GB DDR4 2666 RDIMM.

Steve

That doc is a bit old really. Loading AES-NI by itself is better in anything after 22.01. The BSD crypto device is not used by anything usefully from that point on. OpenVPN (OpenSSL) will use AES-NI directly if the CPU supports it OpenVPN with DCO enabled will use it with the AES-NI module loaded as will IPSec.
And yes anything with QAT support should use that instead.

Steve

@hescominsoon You might want to consider tnsr first and then breaking down past that for the firewall needs.

Beyond that you might want to think about overall throughput. 1700 units over 10g is about 6mbps per location. You're talking about giving residents 8x that throughput - you will hit congestion at times, possibly very often.